#!/usr/bin/tclsh
lappend auto_path [file dirname [info script]]
package require ossltest
cd $::test::dir
start_tests "Тесты на команду cms - вторая подпись" 

test "Creating CA" {
	makeCA
} 0 1

makeFile cms_signed2.dat "Test data for 2 signatures"


foreach length {256 512} {

test "Creating users $length" {
	makeRegisteredUser U_cms_1_$length gost2012_$length:A CN USER1_$length emailAddress test@cryptocom.ru
	makeRegisteredUser U_cms_2_$length gost2012_$length:A CN USER2_$length emailAddress test@cryptocom.ru
} 0 1

test -createsfiles cms_signed2_1_$length.asn "Signing in DER format with 1st signature" {
	openssl "cms -sign -binary -outform der -inform der -nodetach -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length.asn"
	file isfile cms_signed2_1_$length.asn
} 0 1

test -createsfiles cms_signed2_2_$length.asn "Signing in DER format with 2nd signature" {
	openssl "cms -resign -binary -outform der -inform der -nodetach -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length.asn -out cms_signed2_2_$length.asn"
	file isfile cms_signed2_2_$length.asn
} 0 1

test -createsfiles {was_signed.dat signer.certs} "Verifying signature in DER format" {
	grep "Verif" [openssl "cms -verify -inform der -in cms_signed2_2_$length.asn -noverify -signer signer.certs -out was_signed.dat"]
} 0 {Verification successful
}

test "Signed data is extracted correctly" {
	string eq [getFile cms_signed2.dat] [getFile was_signed.dat]
} 0 1

### Test extracted sertificates

test "Extracting signer certificates" {
	set i 0
	set subjs {}
	set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
	foreach cert $certs {
		makeFile cert[incr i].pem $cert
		lappend subjs [grep subject [openssl "x509 -in cert$i.pem -subject -noout"]]
	}
	lsort $subjs
} 0  "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
}"

test -createsfiles cms_signed2_1_$length\_op.msg "Signing opaque in S/MIME format with 1st signature" {
	openssl "cms -sign -binary -inform der -nodetach -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length\_op.msg"
	file isfile cms_signed2_1_$length\_op.msg
} 0 1

test -createsfiles cms_signed2_2_$length\_op.msg "Signing opaque in S/MIME format with 2nd signature" {
	openssl "cms -resign -binary -nodetach -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length\_op.msg -out cms_signed2_2_$length\_op.msg"
	file isfile cms_signed2_2_$length\_op.msg
} 0 1

test -createsfiles {was_signed.dat signer.certs} "Verifying opaque signature in S/MIME format" {
	grep "Verif" [openssl "cms -verify -in cms_signed2_2_$length\_op.msg -noverify -signer signer.certs -out was_signed.dat"]
} 0 {Verification successful
}

test "Signed data is extracted correctly" {
	string eq [getFile cms_signed2.dat] [getFile was_signed.dat]
} 0 1

### Test extracted sertificates

test "Extracting signer certificates" {
	set i 0
	set subjs {}
	set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
	foreach cert $certs {
		makeFile cert[incr i].pem $cert
		lappend subjs [grep subject [openssl "x509 -in cert$i.pem -subject -noout"]]
	}
	lsort $subjs
} 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
}"

test -createsfiles cms_signed2_1_$length\_det.asn "Signing detached in DER format with 1st signature" {
	openssl "cms -sign -binary -outform der -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length\_det.asn"
	file isfile cms_signed2_1_$length\_det.asn
} 0 1

test -createsfiles cms_signed2_2_$length\_det.asn "Signing detached in DER format with 2nd signature" {
	openssl "cms -resign -binary -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length\_det.asn -content cms_signed2.dat -inform der -outform der -out cms_signed2_2_$length\_det.asn"
	file isfile cms_signed2_2_$length\_det.asn
} 0 1

test -createsfiles {was_signed.dat signer.certs} "Verifying detached signature in DER format" {
	grep "Verif" [openssl "cms -verify -in cms_signed2_2_$length\_det.asn -noverify -signer signer.certs -out was_signed.dat -content signed2.dat -inform der"]
} 0 {Verification successful
}

test "Signed data is extracted correctly" {
	string eq [getFile cms_signed2.dat] [getFile was_signed.dat]
} 0 1

### Test extracted sertificates

test "Extracting signer certificates" {
	set i 0
	set subjs {}
	set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
	foreach cert $certs {
		makeFile cert_asn[incr i].pem $cert
		lappend subjs [grep subject [openssl "x509 -in cert_asn$i.pem -subject -noout"]]
	}
	lsort  $subjs
} 0  "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
}"

test -createsfiles cms_signed2_1_$length.msg "Signing in S/MIME format with 1st signature" {
	openssl "cms -sign -binary -inform der -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length.msg"
	file isfile cms_signed2_1_$length.msg
} 0 1

test -createsfiles cms_signed2_2_$length.msg "Signing in S/MIME format with 2nd signature" {
	grep "SMIME" [openssl "cms -resign -binary -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length.msg -inform smime -out cms_signed2_2_$length.msg"]
} 0 ""

test -createsfiles {was_signed.dat  signer.certs} "Verifying signature in S/MIME format" {
	grep "Verif" [openssl "cms -verify -in cms_signed2_2_$length.msg -noverify -signer signer.certs -out was_signed.dat -inform smime"]
} 0 {Verification successful
}

test "Signed data is extracted correctly" {
	string eq [getFile cms_signed2.dat] [getFile was_signed.dat]
} 0 1

### Test extracted sertificates

test "Extracting signer certificates" {
	set i 0
	set subjs {}
	set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
	foreach cert $certs {
		makeFile cert_cms[incr i].pem $cert
		lappend subjs [grep subject [openssl "x509 -in cert_cms$i.pem -subject -noout"]]
	}
	lsort $subjs
} 0  "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
}"

}


test "Resigning in DER format with a unsuitable key length 512" {
	openssl "cms -resign -binary -inform der -nodetach -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256.asn"
} 1 "no matching digest"

test "Resigning in DER format with a unsuitable key length 256" {
	openssl "cms -resign -binary -inform der -nodetach -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512.asn"
} 1 "no matching digest"

test "Resigning opaque in S/MIME format with a unsuitable key length 512" {
	openssl "cms -resign -binary -nodetach -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256_op.msg"
} 1 "no matching digest"

test "Resigning opaque in S/MIME format with a unsuitable key length 256" {
	openssl "cms -resign -binary -nodetach -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512_op.msg"
} 1 "no matching digest"

test "Resigning detached in DER format with a unsuitable key length 512" {
	openssl "cms -resign -binary -inform der -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256_det.asn -content cms_signed2.dat"
} 1 "no matching digest"

test "Resigning detached in DER format with a unsuitable key length 256" {
	openssl "cms -resign -binary -inform der -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512_det.asn -content cms_signed2.dat"
} 1 "no matching digest"

test "Resigning in S/MIME format with a unsuitable key length 512" {
	openssl "cms -resign -binary -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256.msg"
} 1 "no matching digest"

test "Resigning in S/MIME format with a unsuitable key length 256" {
	openssl "cms -resign -binary -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512.msg"
} 1 "no matching digest"


end_tests



#./load_engine cms -sign -binary -outform der -inform der -nodetach -inkey certs/fstek.key -signer certs/fstek.crt -out cms_signed2 -in cms_signed1
#./load_engine cms -verify -inform der -in cms_signed2 -noverify
#./load_engine cms -verify -inform der -in cms_signed2 -noverify -signer sss
#cat sss
#history 
#vim sss
#./load_engine x509 -in sss sss2
#./load_engine x509 -in sss 
#./load_engine x509 -in sss -subject -noout
#./load_engine x509 -in sss2 -subject -noout
#./load_engine cms -verify -inform der -in cms_signed2 -noverify -signer sss -out qqq
